A newly found vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts gadgets working quite a few Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw.
The vulnerability, dubbed ‘UEFICANHAZBUFFEROVERFLOW,’ is a buffer overflow bug within the firmware’s Trusted Platform Module (TPM) configuration that could possibly be exploited to carry out code execution on weak gadgets.
The flaw was found by Eclypsium, who recognized it on Lenovo ThinkPad X1 Carbon seventh Gen and X1 Yoga 4th Gen gadgets, however later confirmed with Phoenix that it impacts the SecureCore firmware for Alder Lake, Espresso Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake Intel CPUs as nicely.
Because of the massive variety of Intel CPUs utilizing this firmware, the vulnerability has the potential to influence lots of of fashions from Lenovo, Dell, Acer, and HP.
UEFI firmware is a worthwhile goal
UEFI firmware is taken into account safer because it contains Safe Boot, which is supported by all fashionable working methods, together with Home windows, macOS, and Linux. Safe Boot cryptographically confirms a tool is simply booted utilizing trusted drivers and software program, blocking the boot course of if it detects malicious software program.
As Safe Boot makes it a lot tougher for menace actors to put in persistent boot malware and drivers, UEFI bugs have turn into more and more focused to create malware referred to as bootkits.
Bootkits are malware that masses very early within the UEFI boot course of, giving the malicious applications low-level entry to the operation and making them very tough to detect like we noticed the BlackLotus, CosmicStrand, and MosaicAggressor UEFI malware.
Eclypsium says the bug they discovered lies in a buffer overflow inside the System Administration Mode (SMM) subsystem of Phoenix SecureCore firmware, permitting attackers to probably overwrite adjoining reminiscence.
If the reminiscence was overwritten with the right knowledge, an attacker may probably elevate privileges and acquire code execution talents within the firmware to put in bootkit malware.
“The issue involves an unsafe variable in the Trusted Platform Module (TPM) configuration that could lead to a buffer overflow and potential malicious code execution,” warns Eclypsium.
“To be clear, this vulnerability lies in the UEFI code handling TPM configuration—in other words, it doesn’t matter if you have a security chip like a TPM if the underlying code is flawed.”
After discovering the bug, Eclypsium coordinated a disclosure with Phoenix and Lenovo to repair the failings.
In April, Phoenix issued an advisory and Lenovo started releasing new firmware in Could to resolve the vulnerabilities in over 150 totally different fashions. It is very important notice that not all fashions have out there firmware right now, with many deliberate for later this 12 months.
